The <md:ArtifactResolutionService> element is used to configure handlers that are responsible for resolving SAML 2.0 artifacts into protocol messages.

This is an advanced configuration feature. Most deployments can rely on the <SSO> and <Logout> shorthand elements.

The HTTP-Artifact binding in SAML 2.0 allows messages sent by the SP to an IdP to be carried by reference using a simple redirect, instead of by value. The downside is that an extra callback is required to turn the artifact back into the original message, typically using SOAP.

Common Attributes

  • Location (relative path)
    • The location of the service (when combined with the base handlerURL). This is the location to which an IdP sends requests to resolve artifacts.
  • Binding (URI)
    • Identifies the protocol binding supported by the service.
  • index (unsigned integer)
    • A "tag" that identifies the endpoint so that it can be referenced by other configuration elements or applications. It is strongly suggested that the values correspond to the values included in the SP's Metadata.

SAML 2.0 ArtifactResolutionService

The SAML 2.0 handler implements the dereferencing/resolution steps of the SAML 2.0 HTTP-Artifact binding.

The following Binding values are supported:

  • urn:oasis:names:tc:SAML:2.0:bindings:SOAP

Note that authentication of the request is controlled by the security policy rules in effect.